The attackers who compromised DigiNotar and obtained rogue SSL certificates gained the ability to impersonate the affected domains, which let them intercept everything users entered on those sites and carry out spoofing and man-in-the-middle attacks.

DigiNotar found and revoked 128 rogue certificates by July 21, and 75 more fraudulent certificates were discovered and revoked by July 27.

However, on July 29, the Dutch certificate authority discovered a fraudulent google.com certificate that had not been detected previously. The Fox-IT report identified 300,000 unique IP requests associated with the phony Google.com certificate, 99 percent of them originating from Iran, suggesting that the attack was intended to intercept and spy on the Web communications of Iranian citizens.
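Fox-IT's count of unique IPs and their country split is the kind of analysis a CA can run over its own request logs. The following is an added example, not Fox-IT's code or anything published with the report: it assumes the requests were recorded in a responder access log with a constructed line format (`client_ip timestamp serial status`), uses a constructed IP-to-country table in place of a GeoIP database, and flags a certificate serial when the CA's issuance records do not contain it or when its clients are concentrated in one country.

```python
"""Added example (not from the article or Fox-IT): spot a rogue certificate by
counting unique client IPs per requested serial in a CA responder access log
and measuring how concentrated those clients are in a single country.
The log format, the IP-to-country table and the serials are all constructed."""
from collections import defaultdict
import ipaddress

# Constructed sample log (not real DigiNotar data).
# Format assumed here: "<client_ip> <timestamp> <serial> <status>"
SAMPLE_LOG = """\
10.1.0.5 2011-08-01T10:00:01Z a1 good
10.1.0.5 2011-08-01T10:00:07Z a1 good
10.1.0.6 2011-08-01T10:00:02Z a1 good
10.1.0.7 2011-08-01T10:00:03Z a1 good
10.1.0.8 2011-08-01T10:00:04Z a1 good
10.2.0.9 2011-08-01T10:00:05Z a1 good
10.2.0.10 2011-08-01T10:01:00Z b2 good
10.3.0.11 2011-08-01T10:01:01Z b2 good
this line is malformed and must be skipped
"""

# Constructed IP-to-country table; a real analysis would use a GeoIP database.
COUNTRY_BY_PREFIX = {
    ipaddress.ip_network("10.1.0.0/16"): "IR",
    ipaddress.ip_network("10.2.0.0/16"): "NL",
    ipaddress.ip_network("10.3.0.0/16"): "US",
}

# Constructed: serials that the CA's own issuance records say it signed.
KNOWN_SERIALS = {"b2"}


def parse_log(text):
    """Yield (client_ip, serial) for each well-formed line; skip malformed ones."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        yield ip, parts[2].lower()


def unique_clients_per_serial(text):
    """Map each serial to the set of distinct client IPs that asked about it."""
    clients = defaultdict(set)
    for ip, serial in parse_log(text):
        clients[serial].add(ip)
    return clients


def country_of(ip):
    """Look up the country code for an IP in the constructed prefix table."""
    for net, cc in COUNTRY_BY_PREFIX.items():
        if ip in net:
            return cc
    return "??"


def top_country_share(ips):
    """Return (country, share) for the country holding the largest share of ips."""
    counts = defaultdict(int)
    for ip in ips:
        counts[country_of(ip)] += 1
    cc, n = max(counts.items(), key=lambda kv: kv[1])
    return cc, n / len(ips)


def flag_suspicious(text, known_serials=KNOWN_SERIALS, share_threshold=0.75):
    """Return {serial: [reasons]} for serials the CA never issued, or whose
    clients are concentrated in one country at or above share_threshold."""
    findings = {}
    for serial, ips in unique_clients_per_serial(text).items():
        reasons = []
        if serial not in known_serials:
            reasons.append("serial absent from issuance records")
        cc, share = top_country_share(ips)
        if share >= share_threshold:
            reasons.append(f"{share:.0%} of {len(ips)} unique clients in {cc}")
        if reasons:
            findings[serial] = reasons
    return findings


if __name__ == "__main__":
    for serial, reasons in flag_suspicious(SAMPLE_LOG).items():
        print(serial, "->", "; ".join(reasons))
```

The "serial absent from issuance records" check is the stronger signal: a certificate the CA never recorded issuing should not be generating any status requests at all, regardless of where the clients are. The country-concentration check only supports the interpretation of who was being targeted, so it is kept as a second reason rather than the sole trigger.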

"The list of domains and the fact that 99 percent of the users are in Iran suggest that the objective of the hackers is to intercept private communications in Iran," Fox-IT said in its report.

During its investigation, Fox-IT said that it "found traces of hacker activity with administrator rights" on the Qualified and PKIoverheid CA server, as well as on other CA servers, indicating that the servers were inadequately secured and patched.

"The successful hack implies that the current network setup and/or procedures at DigiNotar are not sufficiently secure to prevent this kind of attack," Fox-IT said.

Upon further exploration, Fox-IT found that the servers lacked any antivirus protection and had no secure central network logging system, while all installed software was "outdated and not patched." In addition, the CA servers were members of a single Windows domain, making it possible to access information on all of them with one stolen user/password combination, which was "not very strong and could easily be brute-forced," Fox-IT said.

The security firm didn't identify the attackers, but said that at least one script included a digital fingerprint that was identical to a fingerprint found during a similar hack against the SSL certificate authority Comodo.

Earlier this year, hackers targeted Comodo by going after four of its resellers in attacks that enabled them to gain unauthorized access to sensitive data.

"In at least one script, fingerprints from the hacker are left on purpose, which were also found in the Comodo breach investigation of March 2011," Fox-IT said.
